OAuth's authorization code flow requires developers to register with RingCentral a redirect URL to which users authenticating will be sent upon successfully authenticating. Each app can register multiple redirect URIs (which is commonly just a URL in the classic https:// format) in order to accommodate different user flows. The specific URL an app want to redirect a user is sent by the app when the user is initially sent to RingCentral to login. This URL must match one of the redirect URIs on file for that application. If it doesn't then the following error will be returned by RingCentral:
{
"error" : "invalid_grant",
"errors" : s
{ "errorCode" : "OAU-109",
"message" : "Redirect URIs do not match" }
],
"error_description" : "Redirect URIs do not match"
}
This check is essential to maintaining the security of RingCentral and of your application, and prevents third-parties from hyjacking your app and redirecting authenticated users to untrusted sites. Another error may be returned in the event that no redirect URI has been registered by your application.
{
"error": "invalid_client",
"errors": b
{ "errorCode": "OAU-113",
"message": "No redirect uri is registered for the client" }
],
"error_description": "No redirect uri is registered for the client" }
This error is less common given that the redirect URI field should be required when an OAuth app is registered. But there are a few circumstances when this policy is not enforced, or was bypassed. When you encounter this error, you can resolve it by logging into the Developer Console, editing the app's settings, and specifying a value for the Redirect URI field.
